1302 matches found

Tenable Nessus
added 2025/11/19 12:00 a.m. | 5 views

AlmaLinux 9 : bind9.18 (ALSA-2025:19950)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19950 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778); bind: Cache poisoning due to weak PRNG (CVE-2025-40780); bind: Resource exhaustion via...

CVSS 8.6 | AI score 6.7 | EPSS 0.1096
Exploits: 1 | References: 5

Tenable Nessus
added 2025/11/19 12:00 a.m. | 4 views

AlmaLinux 9 : bind (ALSA-2025:21110)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21110 advisory. bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778); bind: Cache poisoning due to weak PRNG (CVE-2025-40780). Tenable has extracted the precedi...

CVSS 8.6 | AI score 6.7 | EPSS 0.00509
Exploits: 1 | References: 4

OSV
added 2025/11/14 3:54 p.m. | 3 views

SUSE-SU-2025:4107-1 Security update for bind

This update for bind fixes the following issues: - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380)...

CVSS 8.6 | AI score 5.6 | EPSS 0.00509
Exploits: 1 | References: 5

Tenable Nessus
added 2025/11/13 12:00 a.m. | 2 views

Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2020-11501)

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

CVSS 7.4 | AI score 6.8 | EPSS 0.03388
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/13 12:00 a.m. | 4 views

Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2019-1010025)

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is ASLR bypass itself is not a vulnerability. This plugin only works with Tenable.ot. Please visit...

CVSS 5.3 | AI score 6.4 | EPSS 0.02286
Exploits: 1 | References: 4

NVD
added 2025/11/12 10:15 p.m. | 6 views

CVE-2025-64429

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or...

CVSS 6.9 | EPSS 0.00101
Exploits: 0 | References: 4

PyPA
added 2025/11/12 10:15 p.m. | 7 views

PYSEC-2025-112

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. The DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/11/12 4:47 p.m. | 1 view

MAL-2025-162603 Malicious code in nokire-kilua17 (npm)

Source: amazon-inspector 5db4ea2fd04e60bffd2385818ff307c777dd5767a34b0be071538a3ab9769adc. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

RedhatCVE
added 2025/11/12 12:06 p.m. | 17 views

CVE-2025-12787

The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhbmeetingformsubmitcallback" function using insufficiently random values to generate...

CVSS 5.3 | AI score 6.1 | EPSS 0.0026
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/11/12 4:29 a.m. | 4 views

Malicious code in nightmare-envconfig-nestjs-firebase (npm)

Source: amazon-inspector 4ce283718877e46946175f033597ea72cdc7ff55bfdf108784806ef510eb5bbf. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/12 4:29 a.m. | 3 views

Malicious code in react-bootstrap-publish-concurrently-command (npm)

Source: amazon-inspector 40ca53b27778645d89b96eb595882242733d814a4cfe82678efc4b8e67b9ab61. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSV
added 2025/11/12 4:29 a.m. | 3 views

MAL-2025-149471 Malicious code in wezen-uglify-js-stop-regulus (npm)

Source: amazon-inspector c0cb747f817d3854691f2f4e78d85638306150ffa98f5d294bc280cfc35f51d9. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

Positive Technologies
added 2025/11/12 12:00 a.m. | 5 views

PT-2025-46723

Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.4.0 through 1.4.1. Description: DuckDB, a SQL database management system, contains issues related to its block-based encryption implementation introduced in version 1.4.0. The system can fall back to an insecure random number...

CVSS 6.9 | AI score 7.1 | EPSS 0.00101
Exploits: 0 | References: 7

AlmaLinux
added 2025/11/12 12:00 a.m. | 8 views

Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 8.6 | AI score 6.8 | EPSS 0.00509
Exploits: 1 | References: 6

Tenable Nessus
added 2025/11/12 12:00 a.m. | 1 view

RHEL 9 : bind9.18 (RHSA-2025:21111)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21111 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which...

CVSS 8.6 | AI score 6.6 | EPSS 0.1096
Exploits: 1 | References: 8

OSV
added 2025/11/11 10:56 p.m. | 1 view

MAL-2025-137094 Malicious code in strange_shrew_z3n (npm)

Source: amazon-inspector 7e39a01b860b47e216a5717789f8d4cf047a77b091de20e192db5de1a5d4abc2. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSV
added 2025/11/11 8:46 p.m. | 2 views

MAL-2025-128255 Malicious code in lina-tek63-riris (npm)

Source: amazon-inspector ab6627c67647d3ec639013526d6a6fd1803e60af68ece71317deeacee3700926. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSV
added 2025/11/11 8:46 p.m. | 1 view

MAL-2025-130627 Malicious code in tomi-kue43-riris (npm)

Source: amazon-inspector f05d3e601e1a685bf3f9f499a8dad0b430efe68a14e32f41996cb30d9a44efc1. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 3:19 p.m. | 4 views

Malicious code in nina-keripik11-miaww (npm)

Source: amazon-inspector ef4f5700d451e2980bb9fe14afa1f2a1f729c76659dd586edc39aa646ec395e3. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0

OSSF Malicious Packages
added 2025/11/11 7:16 a.m. | 4 views

Malicious code in lutfi-lapis7-ruro (npm)

Source: amazon-inspector 7513242b0c58e4de206f988fa8a039891e5c75cdeb7f08c258e3cb4c0e958dc3. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0